Red Hat Customer Portal

CVE-2010-1168

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

Details Source

Mitre

Public Date

2010-05-20 00:00:00

Impact

Moderate

Bugzilla

CVE-2010-1168 perl Safe: Intended restriction bypass via object references

Bugzilla ID

576508

CVSS Status

verified

Base Score

5.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:N

Acknowledgements

Red Hat would like to thank Tim Bunce for responsibly reporting this issue. Upstream acknowledges Nick Cleaton as the original reporter.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 3 (perl) | RHSA-2010:0457 | 2010-06-07 |
| Red Hat Enterprise Linux 5 (perl) | RHSA-2010:0458 | 2010-06-07 |
| Red Hat Enterprise Linux 4 (perl) | RHSA-2010:0457 | 2010-06-07 |